Now that encryption has become standard on the web, the time to load everything using https is now. Luckily, certificates are provided free of charge. This guide will help you get started.

Moving to Encryption

Iframes that are not secure will fail to load once Y8 is using https connections. We will make best efforts to drop users out of ssl for these games, however, they will be devalued in our rankings until encryption is added. As browsers are starting to show warnings about non-secure sites, Y8 will push all iframed games to use a secure connection.

As a first step, ensure all external assets are loaded using a secure connection. The following shows how to load external CSS and JS assets.

<link rel="stylesheet" href="" crossorigin="anonymous">
<script src="" crossorigin="anonymous"></script>

Getting Secure

Once your external assets are secure, it’s time to secure the origin server that handles local files for games. Visit the let’s Encrypt website to begin. Note, in most cases, enabling https will require root access to the server. The certbot tool comes with predefined methods for several web servers. For node.js or other less common servers, choosing the standalone option works best. Using the certbot tool, it is possible to automate certificate renewals. Otherwise, it may require a yearly update. Once the site has a valid certificate, ensure all assets and links are using the https protocol.